package com.dashang.util.filter;

import java.io.IOException;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.dashang.entity.Role;
import com.dashang.entity.UserInfo;
import com.dashang.util.common.SystemConstant;

/**
 * 鉴权过滤
 *
 * @author 陈兴
 * @version [版本号, 2011-9-16]
 * @see [相关类/方法]
 * @since [产品/模块版本]
 */
public class SecurityFilter extends HttpServlet implements Filter
{

    /**
     * serialVersionUID
     */
    private static final long serialVersionUID = -2279422376695836154L;

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException
    {
        HttpServletRequest req = (HttpServletRequest)request;

        // 获得登陆用户
        UserInfo userInfo = (UserInfo)req.getSession().getAttribute(SystemConstant.LOGIN_USER);

        if (null != userInfo)
        {
            List<Role> roles = userInfo.getRoles(); // 获得用户权限

            if (null == roles)
            {
                // 如果获取不到用户权限，查询用户权限

            }
        }
        else
        {
            ((HttpServletResponse)response).sendRedirect(req.getContextPath());
        }
    }

    public void init(FilterConfig filterConfig)
        throws ServletException
    {

    }

}
